ASA 5505 IPSEC VPN connected but cannot access the local network

Similar Questions

• VPN IS CONNECTED BUT CANNOT ACCESS THE INTERNAL NETWORK

  I tried to set up a simple customer vpn using this document

  http://www.Cisco.com/en/us/products/sw/secursw/ps2308/products_configuration_example09186a00801e71c0.shtml

  VPN IS CONNECTED BUT CANNOT ACCESS THE INTERNAL NETWORK BEHIND "RA"...

  6.3 (5) PIX version

  interface ethernet0 car

  Auto interface ethernet1

  ethernet0 nameif outside security0

  nameif ethernet1 inside the security100

  activate the encrypted password of VmHKIhnF4Gs5AWk3

  VmHKIhnF4Gs5AWk3 encrypted passwd

  hostname VOIPLABPIX

  domain voicelab.com

  fixup protocol dns-length maximum 512

  fixup protocol ftp 21

  fixup protocol h323 h225 1720

  fixup protocol h323 ras 1718-1719

  fixup protocol http 80

  fixup protocol they 389

  fixup protocol rsh 514

  fixup protocol rtsp 554

  fixup protocol sip 5060

  fixup protocol sip udp 5060

  fixup protocol 2000 skinny

  fixup protocol smtp 25

  fixup protocol sqlnet 1521

  fixup protocol tftp 69

  names of

  access-list 101 permit ip 172.10.2.0 255.255.255.0 172.10.3.0 255.255.255.0

  access-list 101 permit ip 172.10.1.0 255.255.255.0 172.10.3.0 255.255.255.0

  access-list 102 permit ip 172.10.2.0 255.255.255.0 172.10.3.0 255.255.255.0

  access-list 102 permit ip 172.10.1.0 255.255.255.0 172.10.3.0 255.255.255.0

  pager lines 24

  Outside 1500 MTU

  Within 1500 MTU

  IP address outside 208.x.x.11 255.255.255.0

  IP address inside 172.10.2.2 255.255.255.0

  alarm action IP verification of information

  alarm action attack IP audit

  IP local pool voicelabpool 172.10.3.100 - 172.10.3.254

  history of PDM activate

  ARP timeout 14400

  NAT (inside) - 0 102 access list

  Route outside 0.0.0.0 0.0.0.0 208.x.x.11 1

  Route inside 172.10.1.0 255.255.255.0 172.10.2.1 1

  Timeout xlate 03:00

  Timeout conn 01:00 half-closed 0:10:00 udp 0: CPP 02:00 0:10:00 01:00 h225

  H323 timeout 0:05:00 mgcp 0: sip from 05:00 0:30:00 sip_media 0:02:00

  Sip timeout - disconnect 0:02:00 prompt Protocol sip-0: 03:00

  Timeout, uauth 0:05:00 absolute

  GANYMEDE + Protocol Ganymede + AAA-server

  AAA-server GANYMEDE + 3 max-failed-attempts

  AAA-server GANYMEDE + deadtime 10

  RADIUS Protocol RADIUS AAA server

  AAA-server RADIUS 3 max-failed-attempts

  AAA-RADIUS deadtime 10 Server

  AAA-server local LOCAL Protocol

  Enable http server

  http 172.0.0.0 255.0.0.0 inside

  http 0.0.0.0 0.0.0.0 inside

  No snmp server location

  No snmp Server contact

  SNMP-Server Community public

  No trap to activate snmp Server

  enable floodguard

  Permitted connection ipsec sysopt

  Crypto ipsec transform-set esp-aes-256 trmset1, esp-sha-hmac

  Crypto-map dynamic map2 10 set transform-set trmset1

  map map1 10 ipsec-isakmp crypto dynamic map2

  client authentication card crypto LOCAL map1

  map1 outside crypto map interface

  ISAKMP allows outside

  ISAKMP identity address

  part of pre authentication ISAKMP policy 10

  ISAKMP policy 10 encryption aes-256

  ISAKMP policy 10 sha hash

  10 2 ISAKMP policy group

  ISAKMP life duration strategy 10 86400

  vpngroup address voicelabpool pool cuclab

  vpngroup dns 204.x.x.10 Server cuclab

  vpngroup cuclab by default-field voicelab.com

  vpngroup split tunnel 101 cuclab

  vpngroup idle 1800 cuclab-time

  vpngroup password cuclab *.

  Telnet timeout 5

  SSH 208.x.x.11 255.255.255.255 outside

  SSH 0.0.0.0 0.0.0.0 outdoors

  SSH 172.10.1.2 255.255.255.255 inside

  SSH timeout 60

  Console timeout 0

  username labadmin jNEF0yoDIDCsaoVQ encrypted password privilege 2

  Terminal width 80

  Cryptochecksum:b03a349e1ac9e6022432523bbb54504b

  : end

  Try to turn on NAT - T

  PIX (config) #isakmp nat-traversal 20

  http://www.Cisco.com/en/us/products/ps6120/products_tech_note09186a00807e0aca.shtml#Solution1

  HTH

• HP 15 laptop: laptop computer is connected to the wi - fi connection, but cannot access the internet

  Hello

  My problem is my WiFi says its connected but I can't browse or access the internet.it just tells me "unable to connect to internet computer is not connected to the internet", but my wifi says 'connected'.i tried to go to the cmd prompt and typed in "netsh int ip reset resetlog.txt c:\" goal it shows me "reset failed.access is denied .he don't s no user specified settings to be reset to zero." please "» What can I do?

  Thanks in advance.

  Hello @jerome256,

  Welcome to the HP Forums, I hope you enjoy your experience! To help you get the most out of the HP Forums, I would like to draw your attention to the HP Forums Guide first time here? Learn how to publish and more.

  I understand that you are having a problem with your WiFi and wanted to help you!

  You are trying to access WiFi through router?  If you are connected to your wireless network, but cannot access the internet, then the problem may be with the router.  Check that the router is connected to the internet.  If you have more than one router, then you can ensure that you are connected to the correct router.  You can also try unplugging the router for about 30 seconds, and then reconnecting it.  Please consult the following document, as it can help solve the problem for you:

  HP PC - Troubleshooting wireless network and Internet (Windows 10)

  Please let me know if this information has been helpful by clicking the thumbs up below.

  Have a great day!

• Easy VPN not able to access the local network

  Hi guys,.

  little hope can help me, I'll give you a run down on the config.

  I have a border router that is a no. 2851 connected to the No. 2851 is a switch cisco 3750 running Routing inter - vlan with four VLANS.

  I have easy VPN server on the edge router No. 2851 I am able to connect remotely from a client vpn cisco with a problem but I can't access the local network on the server, I tried everything with no luck.

  I have a cisco VPN client installed on a 64-bit windows system 7 and I also tried with windows xp 32-bit system and still no luck.

  Please I need help I need to get this race to end of trading today.

  I will be copying and pasting the edge router config please if someone get review and see if the config is good.

  You need to change your ACL PAT of standard to extend and to deny traffic to be translated to the Pool of VPN:

  access-list 120 deny ip 10.10.10.0 0.0.0.3 10.10.50.0 0.0.0.255

  access-list 120 deny ip 192.168.XX.0 0.0.0.255 10.10.50.0 0.0.0.255

  access-list 120 deny ip 172.16.XX.0 0.0.0.255 10.10.50.0 0.0.0.255

  access-list 120 deny ip 172.1X.20.0 0.0.0.255 10.10.50.0 0.0.0.255

  access-list 120 deny ip 192.168.XX.0 0.0.0.255 10.10.50.0 0.0.0.255

  access-list 120 allow ip 10.10.10.0 0.0.0.3 all

  IP access-list 120 permit 192.168.XX.0 0.0.0.255 any

  IP access-list 120 permit 172.16.XX.0 0.0.0.255 aniy

  IP access-list 120 permit 172.1X.20.0 0.0.0.255 any

  IP access-list 120 permit 192.168.XX.0 0.0.0.255 any

  overload of IP nat inside source list 120 interface Dialer0

  no nat ip within the source of the list 1 overload interface Dialer0

  clear the ip nat trans *.

  Hope that helps.

• Cisco ipsec Vpn connects but cannot communicate with lan

  I have a version of cisco 1921 15.2 (4) M3 I install vpn ipsec and may have customers to connect but cannot ping anything inside.  A glimpse of what could be wrong with my config would be greatly appreciated.  I posted the configuration as well as running a few outings of ipsec.  I also tried with multiple operating systems using cisco vpn client and shrewsoft.  I am able to connect to the other VPN ipsec running 1921 both of these computers by using a client.

  Thanks for any assistance

  SH run

  !
  AAA new-model
  !
  !
  AAA authentication login radius_auth local radius group
  connection of AAA VPN_AUTHEN group local RADIUS authentication
  AAA authorization network_vpn_author LAN
  !
  !
  !
  !
  !
  AAA - the id of the joint session
  clock timezone PST - 8 0
  clock to summer time recurring PST
  !
  no ip source route
  decline of the IP options
  IP cef
  !
  !
  !
  !
  !
  !
  no ip bootp Server
  no ip domain search
  domain IP XXX.local
  inspect the high IP 3000 max-incomplete
  inspect the low IP 2800 max-incomplete
  IP inspect a low minute 2800
  IP inspect a high minute 3000
  inspect the IP icmp SDM_LOW name
  inspect the IP name SDM_LOW esmtp
  inspect the tcp IP SDM_LOW name
  inspect the IP udp SDM_LOW name
  IP inspect name SDM_LOW ssh
  No ipv6 cef
  !
  Authenticated MultiLink bundle-name Panel
  !
  !
  Crypto pki trustpoint TP-self-signed-2909270577
  enrollment selfsigned
  name of the object cn = IOS - Self - signed - certificate - 2909270577
  revocation checking no
  rsakeypair TP-self-signed-2909270577
  !
  !
  TP-self-signed-2909270577 crypto pki certificate chain
  certificate self-signed 01
  license udi pid CISCO1921/K9 sn FTX1715818R
  !
  !
  Archives
  The config log
  Enable logging
  size of logging 1000
  notify the contenttype in clear syslog
  the ADMIN_HOSTS object-group network
  71.X.X.X 71.X.X.X range
  !
  name of user name1 secret privilege 15 4 XXXXXXX

  !
  redundancy
  !
  !
  !
  !
  !
  property intellectual ssh time 60
  property intellectual ssh authentication-2 retries
  property intellectual ssh event logging
  property intellectual ssh version 2
  !
  !
  crypto ISAKMP policy 1
  BA 3des
  preshared authentication
  Group 2
  !
  ISAKMP crypto client configuration group roaming_vpn
  key XXXXX
  DNS 192.168.10.10 10.1.1.1
  XXX.local field
  pool VPN_POOL_1
  ACL client_vpn_traffic
  netmask 255.255.255.0
  !
  !
  Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
  tunnel mode
  !
  !
  !
  crypto dynamic-map VPN_DYNMAP_1 1
  Set the security association idle time 1800
  game of transformation-ESP-3DES-SHA
  market arriere-route
  !
  !
  list of authentication of card crypto SDM_CMAP_1 client VPN_AUTHEN
  map SDM_CMAP_1 isakmp authorization list network_vpn_author crypto
  client configuration address map SDM_CMAP_1 crypto answer
  map SDM_CMAP_1 65535-isakmp dynamic VPN_DYNMAP_1 ipsec crypto
  !
  !
  !
  !
  !
  the Embedded-Service-Engine0/0 interface
  no ip address
  Shutdown
  !
  interface GigabitEthernet0/0
  IP 76.W.E.R 255.255.255.248
  IP access-group ATT_Outside_In in
  no ip redirection
  no ip unreachable
  no ip proxy-arp
  NAT outside IP
  inspect the SDM_LOW over IP
  IP virtual-reassembly in
  load-interval 30
  automatic duplex
  automatic speed
  No cdp enable
  No mop enabled
  map SDM_CMAP_1 crypto
  !
  interface GigabitEthernet0/1
  no ip address
  load-interval 30
  automatic duplex
  automatic speed
  !
  interface GigabitEthernet0/1.10
  encapsulation dot1Q 1 native
  IP 192.168.10.1 255.255.255.0
  no ip redirection
  no ip unreachable
  no ip proxy-arp
  property intellectual accounting-access violations
  IP nat inside
  IP virtual-reassembly in
  !
  interface GigabitEthernet0/1.100
  encapsulation dot1Q 100
  10.1.1.254 IP address 255.255.255.0
  no ip redirection
  no ip unreachable
  no ip proxy-arp
  IP nat inside
  IP virtual-reassembly in
  !
  interface GigabitEthernet0/1,200
  encapsulation dot1Q 200
  IP 10.1.2.254 255.255.255.0
  no ip redirection
  no ip unreachable
  no ip proxy-arp
  IP nat inside
  IP virtual-reassembly in
  IP tcp adjust-mss 1452
  !
  local IP VPN_POOL_1 192.168.168.193 pool 192.168.168.254
  IP forward-Protocol ND
  !
  IP http server
  IP http authentication aaa-authentication of connection ADMIN_AUTHEN
  IP http secure server
  IP http timeout policy slowed down 60 life 86400 request 10000
  !
  IP nat inside source map route ATT_NAT_LIST interface GigabitEthernet0/0 overload
  IP nat inside source static tcp 192.168.10.10 25 expandable 25 76.W.E.R
  IP nat inside source static tcp 192.168.10.10 80 76.W.E.R 80 extensible
  IP nat inside source static tcp 192.168.10.10 76.W.E.R expandable 443 443
  IP nat inside source static tcp 192.168.10.10 76.W.E.R expandable 987 987
  IP route 0.0.0.0 0.0.0.0 76.W.E.F
  !
  ATT_Outside_In extended IP access list
  permit tcp object-group ADMIN_HOSTS any eq 22
  allow any host 76.W.E.R eq www tcp
  allow any host 76.W.E.R eq 443 tcp
  allow 987 tcp any host 76.W.E.R eq
  allow any host 76.W.E.R eq tcp smtp
  permit any any icmp echo response
  allow icmp a whole
  allow udp any any eq isakmp
  allow an esp
  allow a whole ahp
  permit any any eq non500-isakmp udp
  deny ip 10.0.0.0 0.255.255.255 everything
  deny ip 172.16.0.0 0.15.255.255 all
  deny ip 192.168.0.0 0.0.255.255 everything
  deny ip 127.0.0.0 0.255.255.255 everything
  refuse the ip 255.255.255.255 host everything
  refuse the host ip 0.0.0.0 everything
  NAT_LIST extended IP access list
  IP 10.1.0.0 allow 0.0.255.255 everything
  permit ip 192.168.10.0 0.0.0.255 any
  deny ip 192.168.10.0 0.0.0.255 192.168.168.192 0.0.0.63
  refuse the 10.1.1.0 ip 0.0.0.255 192.168.168.192 0.0.0.63
  deny ip 10.1.2.0 0.0.0.255 192.168.168.192 0.0.0.63
  client_vpn_traffic extended IP access list
  permit ip 192.168.10.0 0.0.0.255 192.168.168.192 0.0.0.63
  ip licensing 10.1.1.0 0.0.0.255 192.168.168.192 0.0.0.63
  IP 10.1.2.0 allow 0.0.0.255 10.1.1.0 0.0.0.255
  !
  radius of the IP source-interface GigabitEthernet0/1.10
  Logging trap errors
  logging source hostname id
  logging source-interface GigabitEthernet0/1.10
  !
  ATT_NAT_LIST allowed 20 route map
  corresponds to the IP NAT_LIST
  is the interface GigabitEthernet0/0
  !
  !
  SNMP-server community [email protected] / * /! s RO
  Server enable SNMP traps snmp authentication linkdown, linkup warmstart cold start
  Server enable SNMP traps vrrp
  Server SNMP enable transceiver traps all the
  Server enable SNMP traps ds1
  Enable SNMP-Server intercepts the message-send-call failed remote server failure
  Enable SNMP-Server intercepts ATS
  Server enable SNMP traps eigrp
  Server enable SNMP traps ospf-change of State
  Enable SNMP-Server intercepts ospf errors
  SNMP Server enable ospf retransmit traps
  Server enable SNMP traps ospf lsa
  Server enable SNMP traps ospf nssa-trans-changes state cisco-change specific
  SNMP server activate interface specific cisco-ospf traps shamlink state change
  SNMP Server enable neighbor traps cisco-specific ospf to the State shamlink change
  Enable SNMP-Server intercepts specific to cisco ospf errors
  SNMP server activate specific cisco ospf retransmit traps
  Server enable SNMP traps ospf cisco specific lsa
  SNMP server activate license traps
  Server enable SNMP traps envmon
  traps to enable SNMP-Server ethernet cfm cc mep-top low-mep Dispatcher loop config
  Enable SNMP-Server intercepts ethernet cfm overlap missing mep mep-unknown service-up
  Server enable SNMP traps auth framework sec-violation
  Server enable SNMP traps c3g
  entity-sensor threshold traps SNMP-server enable
  Server enable SNMP traps adslline
  Server enable SNMP traps vdsl2line
  Server enable SNMP traps icsudsu
  Server enable SNMP traps ISDN call-information
  Server enable SNMP traps ISDN layer2
  Server enable SNMP traps ISDN chan-not-available
  Server enable SNMP traps ISDN ietf
  Server enable SNMP traps ds0-busyout
  Server enable SNMP traps ds1-loopback
  SNMP-Server enable traps energywise
  Server enable SNMP traps vstack
  SNMP traps enable mac-notification server
  Server enable SNMP traps bgp cbgp2
  Enable SNMP-Server intercepts isis
  Server enable SNMP traps ospfv3-change of State
  Enable SNMP-Server intercepts ospfv3 errors
  Server enable SNMP traps aaa_server
  Server enable SNMP traps atm subif
  Server enable SNMP traps cef resources-failure-change of State peer peer-fib-state-change inconsistency
  Server enable SNMP traps memory bufferpeak
  Server enable SNMP traps cnpd
  Server enable SNMP traps config-copy
  config SNMP-server enable traps
  Server enable SNMP traps config-ctid
  entity of traps activate SNMP Server
  Server enable SNMP traps fru-ctrl
  SNMP traps-policy resources enable server
  Server SNMP enable traps-Manager of event
  Server enable SNMP traps frames multi-links bundle-incompatibility
  SNMP traps-frame relay enable server
  Server enable SNMP traps subif frame relay
  Server enable SNMP traps hsrp
  Server enable SNMP traps ipmulticast
  Server enable SNMP traps msdp
  Server enable SNMP traps mvpn
  Server enable SNMP traps PNDH nhs
  Server enable SNMP traps PNDH nhc
  Server enable SNMP traps PNDH PSN
  Server enable SNMP traps PNDH exceeded quota
  Server enable SNMP traps pim neighbor-rp-mapping-change invalid-pim-message of change
  Server enable SNMP traps pppoe
  Enable SNMP-server holds the CPU threshold
  SNMP Server enable rsvp traps
  Server enable SNMP traps syslog
  Server enable SNMP traps l2tun session
  Server enable SNMP traps l2tun pseudowire status
  Server enable SNMP traps vtp
  Enable SNMP-Server intercepts waas
  Server enable SNMP traps ipsla
  Server enable SNMP traps bfd
  Server enable SNMP traps gdoi gm-early-registration
  Server enable SNMP traps gdoi full-save-gm
  Server enable SNMP traps gdoi gm-re-register
  Server enable SNMP traps gdoi gm - generate a new key-rcvd
  Server enable SNMP traps gdoi gm - generate a new key-fail
  Server enable SNMP traps gdoi ks - generate a new key-pushed
  Enable SNMP traps gdoi gm-incomplete-cfg Server
  Enable SNMP-Server intercepts gdoi ks-No.-rsa-keys
  Server enable SNMP traps gdoi ks-new-registration
  Server enable SNMP traps gdoi ks-reg-complete
  Enable SNMP-Server Firewall state of traps
  SNMP-Server enable traps ike policy add
  Enable SNMP-Server intercepts removal of ike policy
  Enable SNMP-Server intercepts start ike tunnel
  Enable SNMP-Server intercepts stop ike tunnel
  SNMP server activate ipsec cryptomap add traps
  SNMP server activate ipsec cryptomap remove traps
  SNMP server activate ipsec cryptomap attach traps
  SNMP server activate ipsec cryptomap detach traps
  Server SNMP traps enable ipsec tunnel beginning
  SNMP-Server enable traps stop ipsec tunnel
  Enable SNMP-server holds too many associations of ipsec security
  Enable SNMP-Server intercepts alarm ethernet cfm
  Enable SNMP-Server intercepts rf
  Server enable SNMP traps vrfmib vrf - up low-vrf vnet-trunk-up low-trunk-vnet
  Server RADIUS dead-criteria life 2
  RADIUS-server host 192.168.10.10
  Server RADIUS 2 timeout
  Server RADIUS XXXXXXX key
  !
  !
  !
  control plan
  !
  !

  Line con 0
  privilege level 15
  connection of authentication radius_auth
  line to 0
  line 2
  no activation-character
  No exec
  preferred no transport
  transport of entry all
  transport output pad rlogin lapb - your MOP v120 udptn ssh telnet
  StopBits 1
  line vty 0 4
  privilege level 15
  connection of authentication radius_auth
  entry ssh transport
  line vty 5 15
  privilege level 15
  connection of authentication radius_auth
  entry ssh transport
  !
  Scheduler allocate 20000 1000
  NTP-Calendar Update
  Server NTP 192.168.10.10
  NTP 64.250.229.100 Server
  !
  end

  Router ipsec crypto #sh her

  Interface: GigabitEthernet0/0
  Tag crypto map: SDM_CMAP_1, local addr 76.W.E.R

  protégé of the vrf: (none)
  local ident (addr, mask, prot, port): (0.0.0.0/0.0.0.0/0/0)
  Remote ident (addr, mask, prot, port): (192.168.168.213/255.255.255.255/0/0)
  current_peer 75.X.X.X port 2642
  LICENCE, flags is {}
  #pkts program: 1953, #pkts encrypt: 1953, #pkts digest: 1953
  #pkts decaps: 1963, #pkts decrypt: 1963, #pkts check: 1963
  compressed #pkts: 0, unzipped #pkts: 0
  #pkts uncompressed: 0, #pkts compr. has failed: 0
  #pkts not unpacked: 0, #pkts decompress failed: 0
  Errors #send 0, #recv 0 errors

  local crypto endpt. : 76.W.E.R, remote Start crypto. : 75.X.X.X
  Path mtu 1500, mtu 1500 ip, ip mtu IDB GigabitEthernet0/0
  current outbound SPI: 0x5D423270 (1564619376)
  PFS (Y/N): N, Diffie-Hellman group: no

  SAS of the esp on arrival:
  SPI: 0x2A5177DD (709982173)
  transform: esp-3des esp-sha-hmac.
  running parameters = {Tunnel UDP-program}
  Conn ID: 2115, flow_id: VPN:115 on board, sibling_flags 80000040, crypto card: SDM_CMAP_1
  calendar of his: service life remaining (k/s) key: (4301748/2809)
  Size IV: 8 bytes
  support for replay detection: Y
  Status: ACTIVE (ACTIVE)

  the arrival ah sas:

  SAS of the CFP on arrival:

  outgoing esp sas:
  SPI: 0x5D423270 (1564619376)
  transform: esp-3des esp-sha-hmac.
  running parameters = {Tunnel UDP-program}
  Conn ID: 2116, flow_id: VPN:116 on board, sibling_flags 80000040, crypto card: SDM_CMAP_1
  calendar of his: service life remaining (k/s) key: (4301637/2809)
  Size IV: 8 bytes
  support for replay detection: Y
  Status: ACTIVE (ACTIVE)

  outgoing ah sas:

  outgoing CFP sas:

  Routing crypto isakmp #sh its
  IPv4 Crypto ISAKMP Security Association
  DST CBC conn-State id
  76.W.E.R 75.X.X.X QM_IDLE 1055 ACTIVE

  IPv6 Crypto ISAKMP Security Association

  

  

  In your acl, nat, you will need to refuse your VPN traffic before you allow the subnet at all. Just put all the declarations of refusal before the declarations of licence.

  Sent by Cisco Support technique iPhone App

• Ipad Cisco ipsec VPN connects but not access to the local network

  Hi guys,.

  I am trying to connect our ipads to vpn to access network resources. IPSec cisco ipad connects but not lan access and cannot ping anything not even not the interfaces of the router.

  If I configure the vpn from cisco on a laptop, it works perfectly, I can ping all and can access resources on the local network if my guess is that the traffic is not going in the tunnel vpn between ipad and desktop.

  Cisco 877.

  My config is attached.

  Any ideas?

  Thank you

  Build-in iPad-client is not useful to your configuration.

  You have three options:

  (1) remove the ACL of your vpn group. Without split tunneling client will work.

  2) migrate legacy config crypto-map style. Here, you can use split tunneling

  3) migrate AnyConnect.

  The root of the problem is that the iPad Gets the split tunneling-information. But instead of control with routing traffic should pass through the window / the tunnel and which traffic is allowed without the VPN of the iPad tries to build a set of SAs for each line in your split-tunnel-ACL. But with the model-virtual, SA only is allowed.

• VPN works, but cannot access the LAN...

  I have cisco vpn client connection to a 1721 at the office. the client connects and I can access the office LAN but but not the local network. I have the box checked in client vpn to allow access to the local network. Help, please!

  Thank you!

  Matt

  Here is the config:

  Current configuration: 3901 bytes

  !

  version 12.2

  horodateurs service debug datetime msec

  Log service timestamps datetime msec

  encryption password service

  !

  Cerberus hostname

  !

  start the system flash c1700-k9o3sy7 - mz.122 - 11.T10.bin

  AAA new-model

  !

  !

  RADIUS AAA server group SERVERS RADIUS

  auth-port 1645 192.168.69.1 Server acct-port 1646

  !

  AAA authentication login LOGIN group SERVERS RADIUS local

  local NETGROUPAUTH AAA authorization network

  AAA - the id of the joint session

  !

  username mattheff password xxx

  username mikeheff password xxx

  clock timezone CST - 6

  clock to summer time recurring CDT 2 Sun Mar 2:00 1 Sun Nov 02:00

  IP subnet zero

  !

  !

  IP domain name heffnet.net

  name of the IP-server 68.94.156.1

  name of the IP-server 68.94.157.1

  DHCP excluded-address IP 192.168.69.1 192.168.69.99

  DHCP excluded-address IP 192.168.69.111 192.168.69.254

  !

  dhcp HEFFNET_LAN_POOL_1 IP pool

  network 192.168.69.0 255.255.255.0

  router by default - 192.168.69.254

  Server DNS 68.x.x.1 68.94.157.1

  !

  audit of IP notify Journal

  Max-events of po verification IP 100

  VPDN enable

  !

  VPDN-group pppoe

  demand dial

  Protocol pppoe

  !

  !

  !

  crypto ISAKMP policy 3

  BA 3des

  preshared authentication

  Group 2

  !

  Configuration group VPNGROUP crypto isakmp client

  8mathef8 key

  68.x.x.1 DNS 68.94.157.1

  heffnet.net field

  pool VPN_CLIENT_POOL

  ACL 102

  !

  !

  Crypto ipsec transform-set esp-3des esp-sha-hmac VPNSET1

  !

  crypto dynamic-map 10 DYNMAP

  game of transformation-VPNSET1

  !

  !

  list of authentication of card crypto VPNCLIENTMAP customer LOGIN

  list of crypto isakmp NETGROUPAUTH VPNCLIENTMAP card authorization

  crypto card for the VPNCLIENTMAP client configuration address respond

  card crypto VPNCLIENTMAP 10-isakmp dynamic ipsec DYNMAP

  !

  !

  !

  !

  interface Loopback0

  IP address 1.1.x.x.255.255.252

  !

  ATM0 interface

  Heffnet WAN/SBC DSL Interface Description

  no ip address

  No atm ilmi-keepalive

  PVC 0/35

  PPPoE-client dial-pool-number 69

  !

  DSL-automatic operation mode

  no fair queue

  !

  interface FastEthernet0

  Heffnet LAN Interface Description

  IP 192.168.69.254 255.255.255.0

  IP nat inside

  IP tcp adjust-mss 1452

  route VPN_ROUTE_MAP card intellectual property policy

  automatic speed

  !

  interface Dialer69

  MTU 1492

  the negotiated IP address

  NAT outside IP

  encapsulation ppp

  Dialer pool 69

  PPP chap hostname cerberus

  PPP chap password xxx

  PPP pap sent-username [email protected] / * / password xxx

  card crypto VPNCLIENTMAP

  !

  local IP VPN_CLIENT_POOL 192.168.70.200 pool 192.168.70.253

  IP nat inside source list interface INTERNALLY Dialer69 overload

  !

  IP classless

  IP route 0.0.0.0 0.0.0.0 Dialer69

  no ip address of the http server

  !

  !

  INTERNAL extended IP access list

  deny ip 192.168.69.0 0.0.0.255 192.168.70.0 0.0.0.255

  IP 192.168.69.0 allow 0.0.0.255 any

  !

  record 192.168.69.1

  access-list 101 permit ip 192.168.69.0 0.0.0.255 192.168.70.0 0.0.0.255

  access-list 102 permit ip 192.168.69.0 0.0.0.255 any

  !

  VPN_ROUTE_MAP allowed 10 route map

  corresponds to the IP 101

  set ip next-hop 1.1.1.2

  !

  alias exec s show ip interface brief

  alias exec sr show running-config

  !

  Line con 0

  privilege level 15

  Synchronous recording

  line to 0

  privilege level 15

  Synchronous recording

  line vty 0 4

  privilege level 15

  Synchronous recording

  line vty 5 15

  privilege level 15

  Synchronous recording

  !

  Scheduler allocate 4000 1000

  end

  Hi Matt,

  The config looks good. Please make sure that you get a route to 192.168.69.0 255.255.255.0 network only after the connection to the VPN client. Please also correspond to the exit "route print" before and after the connection. One last thing, I hope that the local network is not 192.168.69.0.

  HTH,

  Please rate if this helps,

  Kind regards

  Kamal

• ASA 5505 ipsec vpn connection fails

  Hello

  I'm trying to configure a Cisco ASA 5505 for Remote Clients.

  I use the ASDM interface and used assistants start and ipsec for my setup, but im hit a stumbling block.

  To last make it work 2 days I have tried a number of configuration changes to try to make this work but didn't, so I did a factory reset and passed by the assistants, once again, I have a clean Setup that I hope someone can help me.

  Currently I have an IP public static 81.137.x.x and I use a Netgear ADSL router, which transfers (UDP 500) VPN traffic to 192.168.171.35 (port wan on the ASA 5505).

  The Cisco ASA has a default address of 192.168.1.1

  I use the Cisco Client 5.0.06.0160.

  I have configured the client to use authentication group with the same credentials as configuration through the wizard and im using Transparent Tunneling IPSec over UDP.

  I have attached 2 documents

  running_config.txt - what is shows the current configuration of ASA

  Journal - View.txt - display of error messages displayed in the real-time log viewer when I try to connect from the remote client.

  I'm not sure if I need to do on the other that additional configurations for my setup simply run the wizards.

  Any help would be appreciated.

  Thank you

  Hello Philippe,

  According to the lines in the journal, there is a problem of routing for ip vpn applicant address. ASA couldn't find the definition of route suitable for the return traffic. Add a default route to unknown destinations could solve this problem. As I see you are using modem netgear as a default gateway for your ASA. I write example of command line for this purpose.

  Route outside 0.0.0.0 0.0.0.0 NetGear_LAN_IP_Address 1

  Ufuk Güler

• Urgent! Users of remote access VPN connects but cannot access remote LAN (ping, folder,...)

  Hello

  I am setting up a VPN on a Cisco ASA 5510 version 8.4 remote access (4) 1.

  When I try to connect via the Cisco VPN client software, I am able to connect however I am unable to access network resources.

  However, I can ping the servers in the other site that is connected through the VPN site-to site to the main site!

  VPN client--> main site (ping times on)--> Site connected with the main site with VPN S2S (successful ping)

  Please help me I need to find a solution as soon as POSSIBLE!

  Thank you in advance.

  Hello

  Please remove the NAT exemption and the re - issue the command but with #1, so it will place the NAT as first line:

  No nat (SERVERS, external) static source SERVERS_LAN SERVERS_LAN NETWORK_OBJ_10.10.40.8_29 NETWORK_OBJ_10.10.40.8_29 non-proxy-arp-search of route static destination

  NAT (SERVERS, external) 1 static source SERVERS_LAN SERVERS_LAN NETWORK_OBJ_10.10.40.8_29 NETWORK_OBJ_10.10.40.8_29 non-proxy-arp-search of route static destination

  After re-configured this way, make sure that this command is also available:

  Sysopt connection permit VPN

  This sysopt will allow traffic regardles any ACL a fall, just in case. Please continue to run a package tracer and post it here,

  Packet-trace entry Server icmp XXXXXX 8 0 detailed YYYYY

  XXXX--> server IP

  AAAA--> VPN IP of the user

  Don't forget to do the two steps and a just in case, capture Please note and mark it as correct the useful message!

  Thank you

  David Castro,

• Equium P200-1IR - wireless is connected but cannot access the internet

  Hi there,

  Need a little help!

  I just bought an Equium P200 1IR.
  I activated the wi fi.
  I see my router which is Talk Talk.
  Can I get the laptop to connect to the router and it says I'm connected,
  However I can't access the internet.

  I tried the same process by inserting a WiFi dongle into the USB port
  on the laptop, and exactly the same thing happens.
  We have other home computers that connect to the router and the internet
  OK using the wireless dongle.
  I plugged a rigid cable between the laptop and the router connection and I can't
  access the internet immediately without any problem, however, would be delighted
  to use the wireless function.

  Any help really appreciated... Thank you

  Waynec

  Hello

  Try please reboot your router. A few weeks ago, I had a similar problem with my Satellite A300. WLAN is connected but Internet was not available. After the router is restarted all of a sudden everything was ok again.

• Lenovo K4 Note: WiFi connected but cannot access the internet.

  Hello

  Just a little while back, suddenly, my phone is connected to WiFi, but could not access the net, although the WiFi worked very well. I restarted the phone and then he couldn't even connect to the registered WiFi. I deleted the data and reconnects with password, still unable to connect. Deleted data from WLANBindingLocation and plugged in, he connected on WiFi but not Internet access again. Remove password and then reconnected and then it started working.

  Important: before that happened, I had opened the game "In The Dead". He started, but then became unresponsive. The phone hang well. The game became unresponsive. That's happened three times. And then it's the WiFi thing.

  VERY IMPORTANT: now I am train to check the system settings updates-> phone-> system update and it is to show "the failure of the network connection. Please try again. Although I'm always connected to the Internet and it works. I write this from my phone. »

  What the devil. It is a new phone. And I was so impressed by the latter. And now this? Give me a solution. NOW!

  OTA server is down, the team is fixing now.

• From high-speed wireless broadband with a cable modem, and shows the connection, but cannot access the web w / IE8

  I have Windows Vista, IE 8 and labtop HP Pavilion. I had just recently Cricket Wireless Broadband, with a USB wireless modem. I now have the Charter/Comcast broadband through my cable. The modem is connected to my PC via the Ethernet port. On the connection icon on the toolbar on the right down, it shows that I am connected. The "Local Area Connection Status" in the network and sharing Center seems to be connected, since bytes are sent and received.

  However, when I'm on IE8, it acts as if there is no connection. Not being able to view the web page. Also, now when I go to a local WiFi hotspot, I can't connect to a network, just as I always, and it shows that there is a link, however, it won't let me access the internet. It used to work, before everything first, I connected the cable modem.

  Any ideas? Thank you!!

  JFerguson15,

  If the Cricket connection works correctly but your cable connection is not, which suggests the computer is set up correctly and the problem is with the cable connection. All other systems are able to connect through the connection of the Charter? If this isn't the case, please contact Charter and see if they are able to determine the issue on their end or help you reconfigure the modem.

  Cody C
  Microsoft Answers Support Engineer
  Visit our Microsoft answers feedback Forum and let us know what you think.

• Cisco ASA 8.4 (3) remote access VPN - client connects but cannot access inside the network

  I have problems to access the resources within the network when connecting with the Cisco VPN client for a version of 8.4 (3) operation of the IOS Cisco ASA 5510. I tried all new NAT 8.4 orders but cannot access the network interior. I can see traffic in newspapers when ping. I can only assume I have NAT evil or it's because the inside interface of the ASA is on the 24th of the same subnet as the network interior? Please see config below, any suggestion would be appreciated. I configured a VPN site to another in this same 5510 and it works well

  Thank you

  interface Ethernet0/0

  Speed 100

  full duplex

  nameif outside

  security-level 0

  IP x.x.x.x 255.255.255.240

  !

  interface Ethernet0/1

  Speed 100

  full duplex

  nameif inside

  security-level 100

  IP 10.88.10.254 255.255.255.0

  !

  interface Management0/0

  Shutdown

  nameif management

  security-level 0

  no ip address

  !

  permit same-security-traffic inter-interface

  permit same-security-traffic intra-interface

  network of the PAT_to_Outside_ClassA object

  10.88.0.0 subnet 255.255.0.0

  network of the PAT_to_Outside_ClassB object

  subnet 172.16.0.0 255.240.0.0

  network of the PAT_to_Outside_ClassC object

  Subnet 192.168.0.0 255.255.240.0

  network of the LocalNetwork object

  10.88.0.0 subnet 255.255.0.0

  network of the RemoteNetwork1 object

  Subnet 192.168.0.0 255.255.0.0

  network of the RemoteNetwork2 object

  172.16.10.0 subnet 255.255.255.0

  network of the RemoteNetwork3 object

  10.86.0.0 subnet 255.255.0.0

  network of the RemoteNetwork4 object

  10.250.1.0 subnet 255.255.255.0

  network of the NatExempt object

  10.88.10.0 subnet 255.255.255.0

  the Site_to_SiteVPN1 object-group network

  object-network 192.168.4.0 255.255.254.0

  object-network 172.16.10.0 255.255.255.0

  object-network 10.0.0.0 255.0.0.0

  outside_access_in deny ip extended access list a whole

  inside_access_in of access allowed any ip an extended list

  11 extended access-list allow ip 10.250.1.0 255.255.255.0 any

  outside_1_cryptomap to access extended list ip 10.88.0.0 255.255.0.0 allow object-group Site_to_SiteVPN1

  mask 10.250.1.1 - 10.250.1.254 255.255.255.0 IP local pool Admin_Pool

  NAT static NatExempt NatExempt of the source (indoor, outdoor)

  NAT (inside, outside) static source any any static destination RemoteNetwork4 RemoteNetwork4-route search

  NAT static LocalNetwork LocalNetwork destination (indoor, outdoor) static source RemoteNetwork1 RemoteNetwork1

  NAT static LocalNetwork LocalNetwork destination (indoor, outdoor) static source RemoteNetwork2 RemoteNetwork2

  NAT static LocalNetwork LocalNetwork destination (indoor, outdoor) static source RemoteNetwork3 RemoteNetwork3

  NAT (inside, outside) static source LocalNetwork LocalNetwork static destination RemoteNetwork4 RemoteNetwork4-route search

  !

  network of the PAT_to_Outside_ClassA object

  NAT dynamic interface (indoor, outdoor)

  network of the PAT_to_Outside_ClassB object

  NAT dynamic interface (indoor, outdoor)

  network of the PAT_to_Outside_ClassC object

  NAT dynamic interface (indoor, outdoor)

  Access-group outside_access_in in interface outside

  inside_access_in access to the interface inside group

  Route outside 0.0.0.0 0.0.0.0 x.x.x.x 1

  dynamic-access-policy-registration DfltAccessPolicy

  Sysopt connection timewait

  Service resetoutside

  Crypto ipsec transform-set ikev1 ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

  Crypto ipsec transform-set ikev1 ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

  Crypto ipsec transform-set ikev1 ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

  Crypto ipsec transform-set ikev1 ESP-AES-128-MD5-esp - aes esp-md5-hmac

  Crypto ipsec transform-set esp-ikev1 esp-md5-hmac bh-series

  Crypto ipsec transform-set ikev1 esp ESP-DES-MD5-esp-md5-hmac

  Crypto ipsec transform-set ikev1 ESP-3DES-MD5-esp-3des esp-md5-hmac

  Crypto ipsec transform-set ikev1 ESP-DES-SHA esp - esp-sha-hmac

  Crypto ipsec transform-set ikev1 ESP-AES-128-SHA aes - esp esp-sha-hmac

  Crypto ipsec transform-set ikev1 ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

  Crypto ipsec transform-set ikev1 SHA-ESP-3DES esp-3des esp-sha-hmac

  Crypto-map dynamic dynmap 10 set pfs

  Crypto-map dynamic dynmap 10 set transform-set bh - set ikev1

  life together - the association of security crypto dynamic-map dynmap 10 28800 seconds

  Crypto-map dynamic dynmap 10 kilobytes of life together - the association of safety 4608000

  Crypto-map dynamic dynmap 10 the value reverse-road

  card crypto mymap 1 match address outside_1_cryptomap

  card crypto mymap 1 set counterpart x.x.x.x

  card crypto mymap 1 set transform-set ESP-AES-256-SHA ikev1

  card crypto mymap 86400 seconds, 1 lifetime of security association set

  map mymap 1 set security-association life crypto kilobytes 4608000

  map mymap 100-isakmp ipsec crypto dynamic dynmap

  mymap outside crypto map interface

  crypto isakmp identity address

  Crypto isakmp nat-traversal 30

  Crypto ikev1 allow outside

  IKEv1 crypto ipsec-over-tcp port 10000

  IKEv1 crypto policy 5

  preshared authentication

  3des encryption

  sha hash

  Group 2

  life 86400

  IKEv1 crypto policy 10

  preshared authentication

  3des encryption

  sha hash

  Group 1

  life 86400

  IKEv1 crypto policy 50

  preshared authentication

  the Encryption

  md5 hash

  Group 2

  life 86400

  IKEv1 crypto policy 60

  preshared authentication

  aes-256 encryption

  sha hash

  Group 2

  life 86400

  IKEv1 crypto policy 70

  preshared authentication

  aes-256 encryption

  sha hash

  Group 1

  life 86400

  IKEv1 crypto policy 90

  preshared authentication

  aes encryption

  sha hash

  Group 2

  life 86400

  Telnet timeout 5

  Console timeout 0

  management-access inside

  a basic threat threat detection

  Statistics-list of access threat detection

  no statistical threat detection tcp-interception

  WebVPN

  internal BACKDOORVPN group policy

  BACKDOORVPN group policy attributes

  value of VPN-filter 11

  Ikev1 VPN-tunnel-Protocol

  Split-tunnel-policy tunnelall

  BH.UK value by default-field

  type tunnel-group BACKDOORVPN remote access

  attributes global-tunnel-group BACKDOORVPN

  address pool Admin_Pool

  Group Policy - by default-BACKDOORVPN

  IPSec-attributes tunnel-group BACKDOORVPN

  IKEv1 pre-shared-key *.

  tunnel-group x.x.x.x type ipsec-l2l

  tunnel-group ipsec-attributes x.x.x.x

  IKEv1 pre-shared-key *.

  !

  class-map inspection_default

  match default-inspection-traffic

  !

  !

  type of policy-card inspect dns preset_dns_map

  parameters

  maximum message length automatic of customer

  message-length maximum 512

  Policy-map global_policy

  class inspection_default

  inspect the preset_dns_map dns

  inspect the ftp

  inspect h323 h225

  inspect the h323 ras

  inspect the rsh

  inspect the rtsp

  inspect esmtp

  inspect sqlnet

  inspect the skinny

  inspect sunrpc

  inspect xdmcp

  inspect the sip

  inspect the netbios

  inspect the tftp

  Review the ip options

  !

  global service-policy global_policy

  Excellent.

  Evaluate the useful ticket.

  Thank you

  Rizwan James

• Trying to repair XP Home CD, but cannot access the screen where you choose to repair or install fresh.

  Trying to repair XP Home CD, but cannot access the screen where you choose to repair or install fresh.

  I get the first screen where you have the choice to configure windows or press 'r' for recovery console.

  After I press enter for the installer, do not me the usual on-screen next where it is said that if the following XP installation is damaged, you can repair it.  Instead, it leads me to a screen where it shows my partitions and asked that one I want to install windows on.  If I choose "C:" he then told me that there is already a system opperating on the partition...

  Hello

  Follow the steps of "Error Message: Setup cannot set the required Windows XP Configuration Information.
  ' http://support.microsoft.com/kb/316425 '.

  Diana

  Microsoft Answers Support Engineer

  Visit our Microsoft answers feedback Forum and let us know what you think.

  If this post can help solve your problem, please click the 'Mark as answer' or 'Useful' at the top of this message. Marking a post as answer, or relatively useful, you help others find the answer more quickly.

• remote VPN and vpn site to site vpn remote users unable to access the local network

  As per below config remote vpn and vpn site to site vpn remote users unable to access the local network please suggest me a required config

  The local 192.168.215.4 not able ping server IP this server connectivity remote vpn works fine but not able to ping to the local network vpn users.

  ASA Version 8.2 (2)
  !
  host name
  domain kunchevrolet
  activate r8xwsBuKsSP7kABz encrypted password
  r8xwsBuKsSP7kABz encrypted passwd
  names of
  !
  interface Ethernet0/0
  nameif outside
  security-level 0
  PPPoE client vpdn group dataone
  IP address pppoe
  !
  interface Ethernet0/1
  nameif inside
  security-level 50
  IP 192.168.215.2 255.255.255.0
  !
  interface Ethernet0/2
  nameif Internet
  security-level 0
  IP address dhcp setroute
  !
  interface Ethernet0/3
  Shutdown
  No nameif
  no level of security
  no ip address
  !
  interface Management0/0
  Shutdown
  No nameif
  no level of security
  no ip address
  management only
  !
  passive FTP mode
  clock timezone IST 5 30
  DNS server-group DefaultDNS
  domain kunchevrolet
  permit same-security-traffic intra-interface
  object-group network GM-DC-VPN-Gateway
  object-group, net-LAN
  access extensive list ip 192.168.215.0 sptnl allow 255.255.255.0 192.168.2.0 255.255.255.0
  192.168.215.0 IP Access-list extended sheep 255.255.255.0 allow 192.168.2.0 255.255.255.0
  tunnel of splitting allowed access list standard 192.168.215.0 255.255.255.0
  pager lines 24
  Enable logging
  asdm of logging of information
  Outside 1500 MTU
  Within 1500 MTU
  MTU 1500 Internet
  IP local pool VPN_Users 192.168.2.1 - 192.168.2.250 mask 255.255.255.0
  ICMP unreachable rate-limit 1 burst-size 1
  enable ASDM history
  ARP timeout 14400
  NAT-control
  Global 1 interface (outside)
  NAT (inside) 1 0.0.0.0 0.0.0.0
  Route outside 0.0.0.0 0.0.0.0 59.90.214.1 1
  Timeout xlate 03:00
  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  dynamic-access-policy-registration DfltAccessPolicy
  the ssh LOCAL console AAA authentication
  AAA authentication LOCAL telnet console
  AAA authentication http LOCAL console
  AAA authentication enable LOCAL console
  LOCAL AAA authentication serial console
  Enable http server
  x.x.x.x 255.255.255.252 out http
  http 192.168.215.0 255.255.255.252 inside
  http 192.168.215.0 255.255.255.0 inside
  No snmp server location
  No snmp Server contact
  Server enable SNMP traps snmp authentication linkup, linkdown cold start
  Crypto ipsec transform-set esp-3des esp-sha-hmac RIGHT
  life crypto ipsec security association seconds 28800
  Crypto ipsec kilobytes of life - safety 4608000 association
  Crypto-map dynamic dynmap 65500 transform-set RIGHT
  card crypto 10 VPN ipsec-isakmp dynamic dynmap
  card crypto VPN outside interface
  card crypto 10 ASA-01 set peer 221.135.138.130
  card crypto 10 ASA - 01 the transform-set RIGHT value
  crypto ISAKMP allow outside
  crypto ISAKMP policy 10
  preshared authentication
  3des encryption
  sha hash
  Group 2
  life 86400
  crypto ISAKMP policy 65535
  preshared authentication
  the Encryption
  sha hash
  Group 2
  lifetime 28800
  Telnet 192.168.215.0 255.255.255.0 inside
  Telnet timeout 5
  SSH 0.0.0.0 0.0.0.0 outdoors
  SSH timeout 5
  Console timeout 0
  management-access inside
  VPDN group dataone request dialout pppoe
  VPDN group dataone localname bb4027654187_scdrid
  VPDN group dataone ppp authentication chap
  VPDN username bb4027654187_scdrid password * local store
  interface for identifying DHCP-client Internet customer
  dhcpd dns 218.248.255.141 218.248.245.1
  !
  dhcpd address 192.168.215.11 - 192.168.215.254 inside
  dhcpd allow inside
  !
  a basic threat threat detection
  Statistics-list of access threat detection
  no statistical threat detection tcp-interception
  Des-sha1 encryption SSL
  WebVPN
  allow outside
  tunnel-group-list activate
  internal kun group policy
  kun group policy attributes
  VPN - connections 8
  Protocol-tunnel-VPN IPSec
  Split-tunnel-policy tunnelspecified
  Split-tunnel-network-list value split tunnel
  kunchevrolet value by default-field
  test P4ttSyrm33SV8TYp encrypted password username
  username kunauto password bSHrKTGl8PUbvus / encrypted privilege 15
  username kunauto attributes
  Strategy Group-VPN-kun
  Protocol-tunnel-VPN IPSec
  tunnel-group vpngroup type remote access
  tunnel-group vpngroup General attributes
  address pool VPN_Users
  Group Policy - by default-kun
  tunnel-group vpngroup webvpn-attributes
  the vpngroup group alias activation
  vpngroup group tunnel ipsec-attributes
  pre-shared key *.
  type tunnel-group test remote access
  tunnel-group x.x.x.x type ipsec-l2l
  tunnel-group ipsec-attributes x.x.x.x
  pre-shared key *.
  !
  class-map inspection_default
  match default-inspection-traffic
  !
  !
  type of policy-card inspect dns preset_dns_map
  parameters
  maximum message length automatic of customer
  message-length maximum 512
  Policy-map global_policy
  class inspection_default
  inspect the preset_dns_map dns
  inspect the ftp
  inspect h323 h225
  inspect the h323 ras
  Review the ip options
  inspect the netbios
  inspect the rsh
  inspect the rtsp
  inspect the skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect the tftp
  inspect the sip
  inspect xdmcp
  inspect the icmp
  !
  global service-policy global_policy
  context of prompt hostname
  call-home
  Profile of CiscoTAC-1
  no active account
  http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address
  email address of destination [email protected] / * /
  destination-mode http transport
  Subscribe to alert-group diagnosis
  Subscribe to alert-group environment
  Subscribe to alert-group monthly periodic inventory
  monthly periodicals to subscribe to alert-group configuration
  daily periodic subscribe to alert-group telemetry
  Cryptochecksum:0d2497e1280e41ab3875e77c6b184cf8
  : end
  kunauto #.

  Hello

  Looking at the configuration, there is an access list this nat exemption: -.

  192.168.215.0 IP Access-list extended sheep 255.255.255.0 allow 192.168.2.0 255.255.255.0

  But it is not applied in the States of nat.

  Send the following command to the nat exemption to apply: -.

  NAT (inside) 0 access-list sheep

  Kind regards

  Dinesh Moudgil

  P.S. Please mark this message as 'Responded' If you find this information useful so that it brings goodness to other users of the community